Skip to content

Lead Risk Management Consultant

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

The Lead Risk Management Consultant serves as the key integrated information and technology risk advisor, working to optimize and balance risks and controls. You will: manage information risk outcomes; develop and manage relationships with business leaders and risk partners; ensure processes and controls are aligned with established information risk strategy, accountable for escalating information risk issues and balancing business needs with information risk implications, to foster a business environment that effectively manages information risk; resolve escalated information risk issues related to information protection policies, standards, processes and controls; manage overall results of multiple projects within the information risk program (including accountability for defining and managing scope, schedule, cost, and quality); communicate project status to stakeholders; ensure compliance with Company-approved risk management methodology.

Lead, coach, and mentor NM staff on EIRC's information risk management approach to ensure consistency and quality. You hold yourself to a high standard, proactively working to enhance industry knowledge.

  • Responsible for the advancement of the information risk strategy to foster a business environment that effectively manages information risk.  Communicates the information risk strategy with business clients, Tech function, vendors, field and senior management to ensure common understanding and acceptance.

  • Manages overall results of multiple projects within the information risk program including accountability for defining and managing scope, schedule, cost, and quality.  Communicates project status to appropriate stakeholders.  Ensures compliance with company approved methodology and required deliverables and applies lessons learned throughout subsequent project phases.

  • Manages relationships with business clients and gains broad knowledge of their business.  Ensures expectations are managed and that clients gain a full understanding of information risks and controls, and the impact on their business.

  • Maintains deep understanding of information technology risks associated with technologies (e.g., applications, operating systems, platforms) and technology-enabled processes, capabilities, and services in use at NM.

  • Leads execution of integrated technology risk assessments of new and existing IT products,  services, and technology-enabled capabilities to identify and evaluate potential risks to NM, and collaborates with business partners to support remediation of identified risks or issues.

  • Responsible for educating, coaching, and guiding leaders across the company on information risk.  Understands both the business and technical implications of information risk and advises on appropriate investment decisions.

  • Accountable for the resolution of escalated information risk issues related to information protection policies, standards, processes and controls; information protection awareness and training program; noncompliance issues and security incidents in order to effectively balance the needs of the business with the associated risks.

  • Other responsibilities may be assigned as necessary.

Bring your best! What this role needs:

  • Bachelor's degree with an emphasis in MIS, Business or related field; or related work experience beyond the minimum required.

  • Ten years of professional experience in information systems or systems audit.

  • Minimum of two years of experience leading complex projects or developing, influencing, and recommending business strategies.

  • Demonstrable ability to independently identify and resolve critical and complex issues through effective problem solving skills.

  • Ability to deal with ambiguity.

  • Demonstrable ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners; and proven organizational savvy with demonstrated tact and diplomacy.

  • Proven business and technical communication skills; ability to communicate in both business and technical terminology based on the situation and the audience.

  • Solid understanding of information risks and IT general controls.

  • Solid experience applying industry-standard frameworks (e.g., NIST Cyber Security Framework, ISO 27002, COBIT) in performing IT risk management activities.

  • Solid experience in at least two of the following: IT risk assessment, IT governance, IT risk management, IT compliance, enterprise architecture, application development, IT infrastructure, IT operations, or IT audit.

  • Solid ability to lead teams and build consensus around complex technical and business decisions.

Desired Skills

Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP)

Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!

W e are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.